Government And IT - "A Recipe For Rip-Offs": Time For A New Approach - Public Administration Committee Contents


Written evidence submitted by Socitm

PREFACE

Socitm is the association for Information and Communications Technology (ICT) and related professionals in the United Kingdom public and third sectors, and suppliers to these sectors. It offers networking and peer support, professional development, and access to research and consultancy on a wide range of policy and technology issues to its over 1,500 members.

Socitm works with the Local Government Group (Local Government Association and Local Government Improvement & Development) and the Local e-Government Standards Body (LeGSB) in areas such as data quality, interoperability standards, transparency and open data; with Central Government, including Cabinet Office, HM Treasury, the Department of Communities and Local Government, the Department of Work and Pensions, Centre for the Protection of National Infrastructure and CESG(National technical authority for advice and services to protect Government voice and data networks); and with other professional associations and groups, such as the Chartered Institute of Public Finance and Accountancy. The Local Chief Information Officer (CIO) Council is made up of Socitm members and supplies representatives to the CIO and Chief Technology Officer (CTO) Councils. Socitm also has strong links to its partner associations in Europe and around the world, and is a signatory to the recent Citadel Statement (http://egovstatement.wordpress.com) that identifies a number of barriers to effective use of IT at the local level throughout Europe.

At the request of the Government CIO, the Local CIO Council has commissioned Socitm to produce a local public services ICT strategy; this work is in progress.

KEY POINTS

—  Technology policy is poorly co-ordinated and governed across government.

—  Local public services' input into technology policy co-ordination is often too little, too late.

—  "Pan-local/pan-public-sector" strategy, architecture and commissioning is the optimum way to consolidate co-ordination and implementation of information and technology policy and to achieve or even exceed the order of savings required over the next four years.

—  Benefits realisation and capture of savings are weak and need to be improved by using rigorous business change methods.

—  Past lessons have not been learnt and applied.

—  Change programmes continue to be largely technology-led, rather than to be driven by public service outcomes.

—  Benchmarking is a key starting point for establishing how well IT services are performing.

—  IT needs to be an intrinsic part of public services design and delivery.

—  Agile, web-enabled, secure delivery of IT should be key features of future IT deployment.

—  Skills development needs to focus on strategic business change, strategic commissioning and information governance.

—  Take-up of the Government IT Professional Skills Framework needs to be widened.

—  Procurement practices are inefficient and exclude SMEs and disruptive technology applications.

—  Government needs to maintain control over strategy, policy, standards and security capability.

—  Public Sector Network, shared services and cloud provisioning should become key features of public services IT infrastructure.

—  Security needs to be proportionate to the risks facing local public services.

RESPONSES TO PASC QUESTIONS

1.  How well is technology policy co-ordinated across Government?

1.1  Technology policy is poorly co-ordinated across Government and is often formed without considering the views of all relevant stakeholders.

1.2  The CIO Council and the CTO Council have brought a degree of co-ordination, but there is still a recurring theme of local government being ignored until late in the technology application cycle and, typically, not until it reaches implementation. This is despite the fact that around 60% of Government interactions with citizens occur at the local level. It is often left to organisations such as Socitm and the LG Group to lobby central government on behalf of local public services. Additionally, much of the work done by various CIO and CTO council working groups has not been completed or published.

1.3  At the local level, technology and information assurance are better coordinated now through the work of the Local CIO Council (facilitated by Socitm) and the Local Government Delivery Council. The sums of money needed to support local government input into wider public sector co-ordination would not be significant but, with the exception of the Local e-Government Programme (2000-05), provision for local public services engagement in co-ordination of technology policy and implementation is absent.

2.  How effective are its governance arrangements?

2.1  Governance of IT is not co-ordinated, leading to fragmented procurement, duplicated and incompatible systems and extra cost. The former Central Computer and Telecommunications Agency was able to take an overarching view in the same way as CESG (part of GCHQ) does now for information assurance.

2.2  Socitm believes that "pan-local/pan-public-sector" governance of strategy, architecture and commissioning is the best way to consolidate co-ordination and implementation of information and technology policy. This would address architectures and arrangements for commissioning services, via a multi-sourced approach, based on the pan-local need. The result would be less need for IT delivery within local public service organisations. This approach, which would need to include central government departments delivering locally, has the potential to deliver radical reform and to achieve, or even exceed, the order of savings required over the next four years, both in IT provisioning and in the local public services that IT enables.

2.3  Information governance is a particularly complex area and this is not helped by each department, government agency and local authority having its own view on what information governance is and how it should be implemented. A central body determining and enforcing standards and funding central, common strategic and policy work, especially around network, identity and authentication systems, would save significant sums of money, cut waste and facilitate a buy once, use many approach.

2.4  Although the private sector has a role to play, much money is wasted, because government does not have the in-house expertise to develop and maintain systems and capabilities. The majority of this work is outsourced, which means the knowledge is grown externally to the public sector community. Whilst the private sector may profit from this, it is not always to the mutual benefit of both sectors.

2.5  Governance of benefits realisation and capture of savings from IT-enabled business change projects is weak. For this reason, Birmingham City Council developed the CHAMPS2 (www.champs2.org) business change methodology, which is now being adopted successfully by a growing number of public service organisations worldwide to ensure rigorous realisation of benefits and savings.

3.  Have past lessons from NAO and OGC reviews about unsuccessful IT programmes been learnt and applied?

3.1  The number of failures, both past and present, suggests that lessons have not been learnt and applied. The National Health Programme for IT, the UK eGovernment Interoperability Framework and the Code of Connection are all examples of projects which have been driven by technology, rather than by public service outcomes.

3.2  Office of Government Commerce (OGC) work focuses on central government, so apart from PRINCE, MSP and other methodologies, their work is of limited value for the wider public sector.

3.3  The OGC Gateway process is effective, but it is often misunderstood and not followed. Failure of large, high profile projects is often due to a lack of effective business change management (and underlying portfolio and programme management).

4.  How well is IT used in the design, delivery and improvement of public services?

4.1  Answering this question will become increasingly difficult because of the abolition of the Audit Commission. In order for local authorities, public bodies or central government departments to establish how well they are performing in a particular area, there must be a baseline against which to perform a comparison. Socitm's Benchmarking Service offers a robust baseline of information on IT services in local public services.

4.2  Public services are often designed and may even be implemented before IT is retrospectively fitted to the service, instead of IT being intrinsic in service design. Exceptions include online payment of parking fines, implementation of Oyster Cards by Transport for London and online management of student finance. The gains to be made from digital delivery are well known (eg from Socitm's own Channel Value Benchmarking research), but implementation is slow and sporadic. This makes it all the more important that IT is involved from the early stages of public service design, delivery and improvement.

4.3  Cybersecurity is becoming increasingly important as we move towards shared, multi-agency services, involving citizen interaction over the Internet.

5.  What role should IT play in a "post-bureaucratic age"?

5.1  The focus of most of the questions in this consultation is technology. However, this only makes sense in the context of the purpose technology serves, which is to process data and to produce information to enable desired public service outcomes. Consequently, effective management and use of government data and information will be a prerequisite for successful use of IT in a "post-bureaucratic age".

5.2  We need to shift from the traditional, silo-based IT approach, towards the development of agile, web enabled and secure service delivery, utilising the Internet, and involving the citizen, businesses and the voluntary sector, whilst ensuring that the quality of the data and its security is maintained.

6.  What skills does Government have and what are those it must develop in order to acquire IT capability?

6.1  The role of IT is changing. Required skills are moving away from technology, towards strategic business change, strategic commissioning (procurement and supplier management) and information governance. The record of failed IT projects, the fact that the Senior Information Risk Owner role often resides in someone who does not understand what the role entails, and shortfalls in commercial acumen and strategic provisioning mean that IT is not tightly integrated into the design and reform of public services.

6.2  We need skills in developing "fit for purpose" standards that will ensure full integration and interoperability. We need excellence in enterprise and security architecture. We need leadership, governance and programme management skills, so that government has its own capability to develop the services and systems that it needs for the future. These skills take time to acquire and develop, making it vitally important that an effective skills framework and career path is put in place.

6.3  Although a Government IT Profession Skills Framework has been developed, it has yet to be taken-up effectively across all government.

7.  How well do current procurement policies and practices work?

7.1  There is much room for improvement in procurement practices. Much of the inefficiency is due to the way in which EU procurement regulations are implemented in the UK. These often bind government into bureaucratic contracts, which do not offer best value, and tend to deliver self-serving systems, rather than systems serving public service outcomes. Additionally, OGC frameworks do not allow rapid purchasing and deployment.

7.2  The OGC approach towards large frameworks precludes SMEs from bidding for government work, to the point where they tend to be engaged only as sub-contractors. This adds significant transaction costs to the supply chain. A simple way to reduce regulation and bureaucracy would be to raise the EU procurement threshold. This would mean that SMEs are more able to bid for work in Government and help to promote economic growth in the UK.

7.3  Councils themselves have their own bureaucratic processes when engaging with new suppliers. Time and money could be saved by implementing a national procurement registration process linked to HMRC and Companies House.

8.  What infrastructure, data or other assets does government need to own, or to control directly, in order to make effective use of IT?

8.1  For commodity items such as applications software, ownership does not need to reside with Government. However, it is vital that Government maintains control over strategy, policy, standards and security capability. Outsourcing these elements leads to a loss of capability and capacity to control around IT systems and costs.

8.2  Effective management of information is just as important as technology. Strong information governance and compliance should be in place across government and the wider public sector to ensure that best practice is followed and to co-ordinate effective information sharing.

8.3  Where information is of a sensitive nature, government should have an appropriate mechanism for securely transferring it. Given that the Internet is the main route of attack for cyber-threats, there is a need for highly available network which is less prone to this type of attack so that in the event of a cyber-attack, government can continue to function. Any government network must also be able to facilitate inter-organisational shared services. The PSN standards should meet these requirements and attention needs to be focused on these, rather than the business aspirations of the current main communications suppliers.

9.  How will public sector IT adapt to the new "age of austerity"?

9.1  Austerity has already had an impact on professional development and knowledge sharing, with cuts to training and travel budgets. Austerity causes organisations to economise and only to look inwards for solutions, when better ideas may exist outside.

9.2  Government needs to carefully consider the implications of cost cutting. Innovation and development will diminish, and training will be restricted. This will cause morale, and productivity to decline. There is a danger that some organisations will just see IT as another cost centre which needs to take its fair share (or more) of cuts, when in reality, more services than ever before will need to be delivered digitally.

9.3  Where new initiatives are planned, a "Gate Zero Review" (OGC Gateway Review) should be undertaken to ensure that best value is being realised and, before buying new, organisations should check that there is not already something similar, no longer required elsewhere, but still contracted to be paid for, that cannot be re-purposed.

9.4  Service-led innovations, which are enabled by technology and which disrupt current ways of thinking need to be encouraged. However, current framework approaches to procurement inhibits these. The costs associated with registering on OGC Frameworks inhibit smaller, innovate businesses from bidding for work in government.

9.5  The PSN, as a "network of networks", is a critical undertaking that, wherever possible, should reuse existing network assets to provide the infrastructure for shared services and cloud provisioning of IT.

9.6  A growing number of local authorities are planning to make significant cost savings through the use of shared IT services. Utilising the PSN, traditional geographical constraints to the sharing of services can be overcome, while some are implementing shared IT services across multiple types of organisations.

9.7  Money can also be saved by making use of cloud services. Applications can be designed, tested and accredited once and then deployed across multiple organisations at a reduced unit cost. Hosting and delivering applications or services in the cloud removes the need for individual organisations to separately procure and manage costly and complex infrastructure. Many suppliers to local public services are already making cloud-based products and services available.

9.8  Government should also consider the overheads of procurement. Procurement itself should be measured as a percentage of the overall contract price.

10.  How well does Government take advantage of new technological developments and external expertise?

10.1  Local government has limited or no capacity for technological developments. Technology is only taken advantage of when there is a clear business case that a service might be improved by the use of it. Very rarely does technology inspire the development of new or improved services. Furthermore, the history of past, failed IT projects means that business leaders and service managers are reluctant to take note of and to adopt disruptive innovations.

10.2  Government works with industry through many fora and media. However, these tend to be dominated by large companies. Policies and procedures for procurement make it difficult for SMEs to engage, with the result that innovative products and services from them get ignored.

10.3  IT is often an afterthought in the design and delivery of services, with technology experts simply responding to the demands of service and business managers. They do not have an understanding of the underlying objectives or desired outcomes, nor the process and governance constraints. This hinders the development of innovative and transformational systems.

11.  How appropriate is the Government's existing approach to information security, information assurance and privacy?

11.1  UK Government has for a long time, been one of the world leaders in information security, and information assurance. However, resilience is poorly addressed, while security tends to be set at disproportionate and costly levels for the risks facing local public services.

11.2  The current model that links authentication, credentials and authorisation is incomplete. Federated identity management would go some way to removing this obstacle by eliminating the need for multiple authentication systems. Common commercial standards for data security and privacy could apply to many areas of public services.

11.3  The new cybersecurity approach is wholly focused on central government and defence, ignoring the wider public sector. As more services are devolved and delivered locally, the threat "surface" will change and the capability to respond to new threats will need to change with it, without being hindered by complex frameworks or prohibitively costly contracts.

12.  How well does the UK compare to other countries with regard to government procurement and application of IT systems?

12.1  It is difficult to draw a direct comparison between the UK and other countries because of differences in the type and scale of projects which are put out to tender. However, the UK does seem to have more than its fair share of failed IT procurements.

12.2  Other countries are able to achieve greater flexibility and speed of procurement, including those in Europe that need to comply with EU procurement rules. Government should facilitate an exercise to collate best practice from around the world, learning from other countries' experiences and providing clear guidance.

January 2011


 
previous page contents next page


© Parliamentary copyright 2011
Prepared 28 July 2011